By: Hans Zandbelt user 05 Jun 2019 at 12:03 p.m. CDT

3 Responses
I noticed that the GLUU server uses its own implementation of JOSE/JWT/JWE instead of relying on a 3rd-party (open source) library like jose4j or Nimbus. My question is if and how interoperability of the GLUU Server JOSE/JWT/JWE implementation has been tested against other implementations. Are there unit tests for the RFC samples? I am running into an interop issue with Cisco's cjose, that's why.

By Yuriy Zabrovarnyy staff 05 Jun 2019 at 1:11 p.m. CDT

Actually our decryptor and encryptor rely on Nimbus since 3.1.6. Or to be more exact:

```
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>6.3</version>
```

We started to move away from our own implementation due to compatibility and ongoing corner cases which can consume a lot of time to cover correctly. We have a cross test between nimbus, jose and gluu wrapper which shows generic compatibility.

https://github.com/GluuFederation/oxAuth/blob/0a7d4dfcbd46bd4d678081de646fe8bd82a45dc7/Server/src/test/java/org/xdi/oxauth/comp/CrossEncryptionTest.java#L62

What exactly is the issue you ran into?

Thanks, Yuriy Z

By Hans Zandbelt user 05 Jun 2019 at 2:57 p.m. CDT

We're still figuring out if it's a configuration issue (wrong key...) or a problem with cjose, but I was just wondering about the GLUU side of things. The cross-testing seems a good approach indeed, although one could argue there are a lot more variations and combinations of algorithms and ciphers that could be included in there. All good for now, thanks. I'll open a new issue if I pinpoint the problem down to GLUU's implementation of a particular alg/enc.

By William Lowe user 06 Jun 2019 at 5:11 a.m. CDT

Thanks, Hans. Let us know what you find. Closing the ticket, but you can still post your findings here, or open a new ticket as needed.